Profile Applicability:

  •  Level 1

Description:
 The minimum TLS version setting (the minimumTlsVersion property) is the lowest Transport Layer Security (TLS) protocol version a storage account will accept for HTTPS connections to its blob, file, queue and table endpoints; a client that offers only an older version fails the handshake. Setting it to TLS 1.2 ensures that data in transit is protected by a protocol version without the known weaknesses of TLS 1.0 and 1.1. Note that this setting only governs HTTPS connections; it does not block plain HTTP, which is controlled by the separate "Secure transfer required" setting and should be enforced alongside it.

Rationale:
 TLS 1.0 and 1.1 are formally deprecated (RFC 8996) and carry known weaknesses, including CBC-mode attacks and a handshake integrity construction built on MD5/SHA-1. TLS 1.2 supports AEAD cipher suites and SHA-256-based handshake integrity, so enforcing it as the minimum reduces the risk of interception and tampering of data in transit and satisfies the TLS 1.2 floor required by common compliance frameworks.

Impact:

Pros:

  • Enhances data confidentiality and integrity in transit.

  • Complies with current security best practices and regulations.

Cons:

  • May cause compatibility issues with legacy clients not supporting TLS 1.2.

  • Requires validation and testing to ensure client compatibility.

Default Value:
 Minimum TLS version may default to TLS 1.0 or TLS 1.2 depending on when and how the storage account was created (portal, CLI, ARM/Bicep template). An account created before the property existed, or created with tooling that never set it, shows the property as unset, which the service treats as permitting TLS 1.0.

Pre-requisites:

  • Permissions to modify storage account security settings (e.g., Storage Account Contributor, or any role granting Microsoft.Storage/storageAccounts/write).

  • Inventory of clients to ensure TLS 1.2 support. Storage resource logs sent to Azure Monitor record the protocol version of each request in the TlsVersion field, which is the most reliable way to find clients still negotiating TLS 1.0 or 1.1 before enforcement.

Remediation

Test Plan:

Using Azure Portal:

  1. Sign in to https://portal.azure.com.

  2. Navigate to Storage Accounts and select the target account.

  3. Under Configuration, check the Minimum TLS Version setting.

  4. Confirm it is set to TLS 1.2.

Using Azure CLI:

  1. Check minimum TLS version:

    # az storage account show --name <storage-account-name> --resource-group <resource-group> --query minimumTlsVersion

  2. Confirm the output is TLS1_2. With the default JSON output the value appears quoted ("TLS1_2"); add -o tsv to get the bare value. An empty or null result means the property was never set, which is equivalent to TLS 1.0 and is a finding.

Implementation Plan

Using Azure Portal:

  1. In the storage account Configuration settings, set Minimum TLS Version to TLS 1.2.

  2. Save changes.

  3. Test client connectivity to ensure compatibility.

Using Azure CLI:

  1. Set minimum TLS version to TLS 1.2:

    # az storage account update --name <storage-account-name> --resource-group <resource-group> --min-tls-version TLS1_2

  2. Confirm the update by re-running the az storage account show command from the Test Plan.

Backout Plan

Using Azure Portal:

  1. Revert minimum TLS version to previous setting if required.

  2. Notify users of the change and any compatibility issues.

Using Azure CLI:

  1. Set minimum TLS version back to the value recorded before the change (e.g., TLS1_0 or TLS1_1):

    # az storage account update --name <storage-account-name> --resource-group <resource-group> --min-tls-version TLS1_0
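The Test, Implementation and Backout plans above are each written for a single account. The following script, added here as an example and not part of the benchmark or of Microsoft's tooling, applies the same checks across a whole subscription: it reads the JSON produced by `az storage account list -o json`, flags every account whose minimumTlsVersion is below TLS1_2 (treating an unset property as TLS 1.0, as the service does), emits the corresponding `az storage account update` commands, and records the prior values so the backout step can restore them. The account names, resource groups and the embedded sample data are constructed; the script name tls_audit.py and the choice to restore an unset property as an explicit TLS1_0 are assumptions.

```python
import json
import sys

# Constructed sample standing in for `az storage account list -o json`,
# trimmed to the fields this script uses. Names and groups are made up.
SAMPLE_ACCOUNTS = [
    {"name": "stlegacyapp01", "resourceGroup": "rg-legacy", "minimumTlsVersion": "TLS1_0"},
    {"name": "stdataplatform", "resourceGroup": "rg-data", "minimumTlsVersion": "TLS1_2"},
    {"name": "stbackupsold", "resourceGroup": "rg-backup", "minimumTlsVersion": "TLS1_1"},
    # Property never set on an old account: the API returns null for it.
    {"name": "stunset2019", "resourceGroup": "rg-legacy", "minimumTlsVersion": None},
]

REQUIRED = "TLS1_2"
# Ordering of the values the minimumTlsVersion property uses. TLS1_3 is
# included only so an account already set stricter than TLS1_2 is not flagged.
TLS_ORDER = {"TLS1_0": 0, "TLS1_1": 1, "TLS1_2": 2, "TLS1_3": 3}


def is_compliant(account, required=REQUIRED):
    """True if the account's minimum TLS version is at least `required`.
    A missing/null value means the property was never set, which the
    service treats as TLS 1.0, so it is reported as non-compliant."""
    version = account.get("minimumTlsVersion")
    if version is None:
        return False
    return TLS_ORDER.get(version, -1) >= TLS_ORDER[required]


def find_noncompliant(accounts, required=REQUIRED):
    return [a for a in accounts if not is_compliant(a, required)]


def remediation_commands(accounts, required=REQUIRED):
    """One `az storage account update` per non-compliant account."""
    return [
        f"az storage account update --name {a['name']} "
        f"--resource-group {a['resourceGroup']} --min-tls-version {required}"
        for a in find_noncompliant(accounts, required)
    ]


def snapshot(accounts):
    """Record each account's current value so the backout plan can restore it."""
    return {
        a["name"]: {"resourceGroup": a["resourceGroup"],
                    "minimumTlsVersion": a.get("minimumTlsVersion")}
        for a in accounts
    }


def backout_commands(snap, changed_names):
    """Commands restoring the recorded pre-change value for the named accounts.
    Assumption: an account whose property was unset is restored to an explicit
    TLS1_0, the closest settable equivalent of the unset behaviour."""
    cmds = []
    for name in changed_names:
        prev = snap[name]
        value = prev["minimumTlsVersion"] or "TLS1_0"
        cmds.append(
            f"az storage account update --name {name} "
            f"--resource-group {prev['resourceGroup']} --min-tls-version {value}"
        )
    return cmds


if __name__ == "__main__":
    # Live use:  az storage account list -o json | python3 tls_audit.py
    # With nothing piped in, the constructed sample above is used instead.
    accounts = SAMPLE_ACCOUNTS if sys.stdin.isatty() else json.load(sys.stdin)
    bad = find_noncompliant(accounts)
    print(f"{len(bad)} of {len(accounts)} storage accounts below {REQUIRED}:")
    for a in bad:
        print(f"  {a['resourceGroup']}/{a['name']}: {a.get('minimumTlsVersion') or 'not set'}")
    print("\nRemediation:")
    for cmd in remediation_commands(accounts):
        print("  " + cmd)
    print("\nBackout (restores recorded values):")
    for cmd in backout_commands(snapshot(accounts), [a["name"] for a in bad]):
        print("  " + cmd)
```

Save the snapshot output before running the remediation commands; without the recorded prior values the backout plan can only guess at what each account was set to.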

References: